Enforcement System Functions

Use the enforcement functions to mitigate an incident or contain a threat, such as malware, on a remote Microsoft Windows system. You can trigger actions that execute these functions directly from an event (any traffic or data exchange detected by LevelBlue products through a sensor or external devices such as a firewall) or an alarm (a notification of an event or sequence of events that requires attention or investigation), and easily create a rule to execute the function for similar events or alarms that occur in the future. You can also create a scheduled job to execute one or more functions for a specific asset, such as performing a system restart at the same time each day.

Important: These functions are supported only for Windows hosts in your USM Anywhere asset inventory.

Target assets must have assigned credentials that are suitable for system-level access to the host. See Configuring the BlueApp for LevelBlue Forensics and Response for more information.